Abstract

One-counter nets (OCN) are Petri nets with exactly one unbounded place. They are equivalent to a subclass of one-counter automata with only a weak test for zero.

We show that weak simulation preorder is decidable for OCN and that weak simulation approximants do not converge at level $\omega$, but only at $\omega^2$. In contrast, other semantic relations like weak bisimulation are undecidable for OCN [17], and so are weak (and strong) trace inclusion (Sec. 7).

1 Introduction

The model. One-counter automata (OCA) are Minsky counter automata with only one counter, and they can also be seen as a subclass of pushdown automata with just one stack symbol (plus a bottom symbol). One-counter nets (OCN) are Petri nets with exactly one unbounded place, and they correspond to a subclass of OCA where the counter cannot be fully tested for zero (i.e., transitions enabled at counter value zero are also enabled at nonzero counter values). OCN are arguably the simplest model of discrete infinite-state systems, except for those that do not have a global finite control, e.g., (commutative) context-free grammars.

The state of the art. Verification problems for OCA and OCN have been extensively studied, particularly model checking problems with various temporal logics and semantic preorder/equivalence checking w.r.t. given notions of behavior. $\mu$-calculus model checking [20, 8] and CTL model checking [7] are PSPACE-complete for OCA/OCN, while EF model checking is P -complete [8]. There are many notions of semantic equivalences [6], but the most common ones are the following (ordered from finer to coarser): bisimulation, simulation and trace equivalence. Each of these has its standard (called strong) variant, and a weak variant that abstracts from arbitrarily long sequences of internal actions.

Strong bisimulation for OCA/OCN is PSPACE-complete [3]. However, OCA and OCN differ w.r.t. strong simulation. While strong simulation is decidable for OCN [1, 12, 11], strong simulation and trace inclusion are undecidable for OCA [13]. ((Bi)simulation checking is also undecidable for models with more than one unbounded counter/place [9].)

The situation changes when one considers weak semantic equivalences/preorders that abstract from internal actions. One can define upper-approximations of (bi)simulation up-to $k$ by considering only $k$ rounds in the (bi)simulation game. For strong (bi)simulation, these $k$-approximants converge to (bi)simulation at level $k = \omega$, provided that the systems are finitely branching. This is not the case for weak (bi)simulation. Here the approximants are guaranteed to converge only at higher ordinals, due to the implicit infinite branching capability introduced by the abstraction. This is why it is so hard to prove semi-decidability of weak non-(bi)simulation for many classes of infinite-state transition systems.

For OCA/OCN it was shown that weak bisimulation is undecidable [17]. Moreover, weak 
(and strong) simulation and trace inclusion are undecidable for OCA [13, 22]. However, it was 
an open question whether weak simulation is decidable for OCN. Moreover, the decidability of 
strong and weak trace inclusion was open for OCN [4]. 

Our contribution. We show that weak simulation preorder is decidable for OCN. In fact, 
the weak simulation relation on OCN is effectively semilinear. Moreover, we show that weak 
simulation approximants only converge at level $\omega^2$ on OCN. The decidability of weak simulation
is in contrast to the undecidability of weak bisimulation for OCN [17]. This is surprising, because 
it goes against a common trend. On almost all other classes of systems, bisimulation problems 
are computationally easier than the corresponding simulation problems [14]. 

On the other hand, we show that strong and weak trace inclusion are undecidable even for 
OCN. 

Finally, we study checking strong and weak (bi)simulation and trace inclusion between 
OCA/OCN and finite systems, and close some remaining complexity gaps in this area. 

2 Preliminaries 

One-counter systems. We consider infinite-state labeled transition systems induced by OCA and OCN, respectively. A labeled transition system is described by a triple $T = (V, Act, \to)$ where $V$ is a (possibly infinite) set of states, $Act$ is a finite set of action labels and $\to \subseteq V \times Act \times V$ is the labeled transition relation. We write $\to^*$ for the transitive and reflexive closure of $\to$ and use the infix notation $s \xrightarrow{a} s'$ for a transition $(s, a, s') \in \to$, in which case we say $T$ makes an $a$-step from $s$ to $s'$. Given a finite or infinite sequence of symbols $w \in Act^*$ or $w \in Act^\omega$ resp., we write $|w| \in \mathbb{N} \cup \{\omega\}$ for the length of $w$. If $w$ is finite, we denote its $i$-fold concatenation by $w^i$.

Definition 1 (One-Counter Automata / Nets) A one-counter automaton $A = (Q, Act, \delta, \delta_0)$ is given by a finite set of control-states $Q$, a finite set of action labels $Act$ and transition relations $\delta \subseteq Q \times Act \times \{-1, 0, 1\} \times Q$ and $\delta_0 \subseteq Q \times Act \times \{0, 1\} \times Q$. It induces an infinite-state labeled transition system over the stateset $Q \times \mathbb{N}$, whose elements will be written as $pm$, as follows.

$pm \xrightarrow{a} p'm'$ iff

1. $(p, a, d, p') \in \delta$ and $m' = m + d \ge 0$, or

2. $(p, a, d, p') \in \delta_0$, $m = 0$ and $m' = d$.

Such an automaton is called a one-counter net if $\delta_0 = \emptyset$, i.e., if the automaton cannot test if the counter is equal to 0.

Weak Simulation. In a weak semantics, one needs to abstract from internal actions. Thus one assumes a dedicated action $\tau \in Act$ that is used to model internal non-observable steps and defines the weak step relation $\Rightarrow$ by

Simulation and weak simulation are semantic preorders in van Glabbeek's linear time - branching time spectrum [6], which are used to compare the behavior of processes. Their standard co-inductive definition is as follows. A binary relation $R \subseteq V^2$ on the states of a labeled transition system is a simulation if $sRt$ implies that for all $s \xrightarrow{a} s'$ there is a $t'$ such that $t \xrightarrow{a} t'$ and $s'Rt'$. Similarly, $R$ is a weak simulation if $sRt$ implies that for all $s \xrightarrow{a} s'$ there is a $t'$ such that $t \stackrel{a}{\Rightarrow} t'$ and $s'Rt'$. (Weak) simulations are closed under union, so there exists a unique maximal simulation $\preceq$, resp. weak simulation $\preceqq$, which is a preorder on $V$. A (weak) bisimulation is a symmetric (weak) simulation. The maximal (weak) bisimulation is an equivalence.

Simulation preorder can also be characterized in terms of ordinal approximant relations $\preceq_\alpha$, which are inductively defined as follows. $\preceq_0 = V^2$. For successors $\alpha + 1$ let $s \preceq_{\alpha+1} t$ iff for all $s \xrightarrow{a} s'$ there is a $t \xrightarrow{a} t'$ such that $s' \preceq_\alpha t'$. For limit ordinals $\lambda$ define $\preceq_\lambda = \bigcap_{\alpha<\lambda} \preceq_\alpha$.

This inductive notion of approximants can be interpreted as an interactive game between two players Spoiler and Duplicator, where the latter tries to stepwise match the moves of the former. A play is a finite or infinite sequence of pairs of transition system states. For a finite play $(E_0, F_0), (E_1, F_1), \dots, (E_i, F_i)$ the next pair $(E_{i+1}, F_{i+1})$ is determined by a round of choices: Spoiler chooses a transition $E_i \xrightarrow{a} E_{i+1}$, then Duplicator responds by choosing an equally labeled transition $F_i \xrightarrow{a} F_{i+1}$. A pair $(E, F)$ of states is directly winning for Spoiler if she can choose a transition $E \xrightarrow{a} E'$ so that her opponent cannot respond, i.e. $\neg\exists F'.\ F \xrightarrow{a} F'$. A play is won by Spoiler if a pair of states is reached that is directly winning for her, otherwise Duplicator wins the play. A strategy is a set of rules that tells the player which valid move to choose. A player plays according to a strategy if all her moves obey the rules of the strategy. A strategy is winning from $(E, F)$ if every play that starts in $(E, F)$ and which is played according to that strategy is winning.

Proposition 2 For any two states $(E, F)$ of a transition system $T$, Duplicator has a winning strategy in $(E, F)$ in the simulation game iff $E \preceq_\alpha F$ for all ordinals $\alpha$ iff $E \preceq F$.

Weak simulation approximants $\preceqq_\alpha$ and games are defined analogously but allow Duplicator to make weak steps and characterize $\preceqq$.

The Problem. We consider the problem of deciding weak simulation preorder on one-counter nets. An instance is given by a one-counter net $N = (Q, Act, \delta)$ and configurations $pm$ and $qn$, and the question is whether $pm \preceqq qn$ holds. Generally, we want to compute a representation of the semilinear set $W(p, q) = \{(m, n) \mid pm \preceqq qn\}$.

3 Reduction to Strong Simulation on $\omega$-Nets

First we reduce the weak simulation problem on one-counter nets to a strong simulation problem on a slightly generalized model that we call $\omega$-nets. In $\omega$-nets, there exist dedicated transitions with symbolic effect $\omega$, which allow to arbitrarily increase the counter in a single step. Checking weak simulation between two one-counter nets can be reduced to strong simulation between a one-counter net and an $\omega$-net.

Definition 3 ($\omega$-Nets) An $\omega$-net $N = (Q, Act, \delta)$ is given by a finite set of control-states $Q$, a finite set of actions $Act$ and transitions $\delta \subseteq Q \times Act \times \{-1, 0, 1, \omega\} \times Q$. It induces a transition system over the stateset $Q \times \mathbb{N}$ that allows a step $pm \xrightarrow{a} p'm'$ if either $(p, a, d, p') \in \delta$ and $m' = m + d \in \mathbb{N}$ or if $(p, a, \omega, p') \in \delta$ and $m' > m$.

Every one-counter net is an $\omega$-net without $\omega$-transitions. Unlike one-counter nets, $\omega$-nets can yield infinitely branching transition systems, since each $\omega$-transition $(p, a, \omega, p')$ introduces steps $pm \xrightarrow{a} p'm'$ for any two naturals $m' > m$.

It is easily verified that $\omega$-net (and hence also one-counter net) processes satisfy the following monotonicity property.

Proposition 4 (Monotonicity of $\preceq$) $pm \xrightarrow{a} p'm'$ implies $p(m + d) \xrightarrow{a} p'(m' + d)$ for all $d \in \mathbb{N}$. Moreover, $pm \preceq qn$ implies $pm' \preceq qn'$ for $m' < m$, $n' > n$.

The following theorem justifies our focus on strong simulation games where Duplicator plays on an $\omega$-net process.

Theorem 5 Checking weak simulation between two one-counter net processes can be reduced to checking strong simulation between a one-counter net process and an $\omega$-net process. Formally, for two one-counter nets $M$ and $N$ with states $Q_M$ and $Q_N$ resp., one can effectively construct an OCN $M'$ with states $Q_{M'} \supseteq Q_M$ and an $\omega$-net $N'$ with states $Q_{N'} \supseteq Q_N$ such that for each pair $p, q \in Q_M \times Q_N$ of original control states and any ordinal $\alpha$ the following hold.

1. $pm \preceqq qn$ w.r.t. $M, N$ iff $pm \preceq qn$ w.r.t. $M', N'$.

2. If $pm \preceqq_\alpha qn$ w.r.t. $M, N$ then $pm \preceq_\alpha qn$ w.r.t. $M', N'$.

Proof (Sketch.) The idea of the proof is to look for counter-increasing cyclic paths via $\tau$-labeled transitions in the control graph and to introduce $\omega$-transitions accordingly. For any path that reads a single visible action and visits a 'generator' state that is part of a silent cycle with positive effect, we add an $\omega$-transition. For all of the finitely many non-cyclic paths that read a single visible action we introduce direct transitions. A full proof is given in Appendix A. □

4 Approximants 

We generalize the notion of $\preceq_\alpha$ simulation approximants in the case of simulation between one-counter and $\omega$-net processes. This yields approximants that converge at a finite level for any pair of nets.

First we define approximants $\preceq^\beta_\alpha$ in two (ordinal) dimensions. From a game-theoretic perspective the subscript $\alpha$ indicates the number of rounds Duplicator can survive and the superscript $\beta$ denotes the number of $\omega$-steps Spoiler needs to allow. E.g., $pm \preceq^2_5 qn$ if Duplicator can guarantee that no play of the simulation game that contains $< 2$ $\omega$-steps is losing for him in less than 6 rounds. If not stated otherwise we assume that $N = (Q, Act, \delta)$ is a one-counter net and $N' = (Q', Act, \delta')$ is an $\omega$-net.

Definition 6 We define approximants $\preceq^\beta_\alpha$ for ordinals $\alpha$ and $\beta$ as follows. Let $\preceq^0_\alpha = \preceq^\beta_0 = Q \times \mathbb{N} \times Q' \times \mathbb{N}$, the full relation. For successor ordinals $\alpha + 1$, $\beta + 1$ let $pm \preceq^{\beta+1}_{\alpha+1} qn$ iff for all $pm \xrightarrow{a} p'm'$ there is a step $qn \xrightarrow{a} q'n'$ s.t. either

1. $(q, a, \omega, q') \in \delta'$ (the step is due to an $\omega$-transition) and $p'm' \preceq^{\beta}_{\alpha} q'n'$, or

2. $(q, a, \omega, q') \notin \delta'$, but $(q, a, (n' - n), q') \in \delta'$ (i.e., there is no $\omega$-transition and the step is due to a normal transition) and $p'm' \preceq^{\beta+1}_{\alpha} q'n'$.

For limit ordinals $\lambda$ we define $\preceq^\beta_\lambda = \bigcap_{\alpha<\lambda} \preceq^\beta_\alpha$ and $\preceq^\lambda_\alpha = \bigcap_{\beta<\lambda} \preceq^\beta_\alpha$. Finally,

$$\preceq^\beta = \bigcap_{\alpha \in Ord} \preceq^\beta_\alpha \qquad \preceq_\alpha = \bigcap_{\beta \in Ord} \preceq^\beta_\alpha \qquad (1)$$

$\preceq_\alpha$ corresponds to the usual notion of simulation approximants and $\preceq^\beta$ is a special notion derived from the syntactic peculiarity of $\omega$-transitions present in the game on one-counter vs. $\omega$-nets.



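Example 7 Consider a net that consists of a single $a$-labeled loop in state $X$ and the $\omega$-net with transitions $Y \xrightarrow{a,\omega} Z \xrightarrow{a,-1} Z$ only. We see that for any $m, n \in \mathbb{N}$, $Xm \preceq_n Zn \not\succeq_{n+1} Xm$. Moreover, $Xm \preceq_\omega Yn$ but $Xm \not\preceq_{\omega+1} Yn$ and $Xm \preceq^1 Yn$ but $Xm \not\preceq^2 Yn$ and thus $Xm \not\preceq Yn$.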

Definition 8 An approximant game is played in rounds between Spoiler and Duplicator. Game positions are quadruples $(pm, qn, \alpha, \beta)$ where $pm$, $qn$ are configurations of $N$ and $N'$ respectively, and $\alpha$, $\beta$ are ordinals called step- and $\omega$-counter. In each round that starts in $(pm, qn, \alpha, \beta)$:

• Spoiler chooses ordinals $\alpha' < \alpha$ and $\beta' < \beta$,

• Spoiler makes a step $pm \xrightarrow{a} p'm'$,

• Duplicator responds by making a step $qn \xrightarrow{a} q'n'$ using some transition $t$.

If $t$ was an $\omega$-transition the game continues from position $(p'm', q'n', \alpha', \beta')$. Otherwise the next round starts at $(p'm', q'n', \alpha', \beta)$ (in this case Spoiler's choice of $\beta'$ becomes irrelevant). If a player cannot move the other wins and if $\alpha$ or $\beta$ becomes 0, Duplicator wins.
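The approximant game of Definition 8 at finite levels, played on the two nets of Example 7, as an added example (not code from the paper). The tuple encoding of transitions, the function names, and the choice of Duplicator's counter after an $\omega$-step ($n + \alpha$, which is enough for the rounds that remain) are assumptions of this example.

```python
from functools import lru_cache

OMEGA = "omega"  # symbolic effect of an omega-transition (Definition 3)

# Nets of Example 7 as (state, action, effect, state') tuples. Constructed
# encoding: X has an a-loop with effect 0; Y --a,omega--> Z --a,-1--> Z.
SPOILER_NET = frozenset({("X", "a", 0, "X")})
DUPLICATOR_NET = frozenset({("Y", "a", OMEGA, "Z"), ("Z", "a", -1, "Z")})


def spoiler_steps(p, m):
    """Steps pm --a--> p'm' of the one-counter net; the counter stays >= 0."""
    return [(a, p2, m + d)
            for (p1, a, d, p2) in SPOILER_NET
            if p1 == p and m + d >= 0]


def duplicator_steps(q, n, action, alpha):
    """Responses qn --action--> q'n' of the omega-net, flagged if via omega.

    An omega-transition allows every n' > n. With alpha rounds left (alpha
    finite and >= 1) one representative suffices: n' = n + alpha. At most
    alpha - 1 decrements can follow, so this n' never blocks a later move,
    and by monotonicity (Lemma 11, point 1) a larger n' is never worse.
    """
    steps = []
    for (q1, a, d, q2) in DUPLICATOR_NET:
        if q1 != q or a != action:
            continue
        if d == OMEGA:
            steps.append((q2, n + alpha, True))
        elif n + d >= 0:
            steps.append((q2, n + d, False))
    return steps


@lru_cache(maxsize=None)
def duplicator_wins(p, m, q, n, alpha, beta):
    """Does Duplicator win the approximant game from (pm, qn, alpha, beta)?

    alpha and beta are finite here. By Lemma 9 Spoiler loses nothing by
    always choosing alpha' = alpha - 1 and beta' = beta - 1.
    """
    if alpha == 0 or beta == 0:
        return True  # a counter reached 0: Duplicator wins (Definition 8)
    for action, p2, m2 in spoiler_steps(p, m):
        responses = duplicator_steps(q, n, action, alpha)
        # beta only drops when the response used an omega-transition.
        if not any(duplicator_wins(p2, m2, q2, n2, alpha - 1,
                                   beta - 1 if via_omega else beta)
                   for (q2, n2, via_omega) in responses):
            return False  # Spoiler has a move with no good response
    return True


def rounds_survived(p, m, q, n, beta, limit):
    """Largest alpha <= limit with Duplicator winning (pm, qn, alpha, beta)."""
    alpha = 0
    while alpha < limit and duplicator_wins(p, m, q, n, alpha + 1, beta):
        alpha += 1
    return alpha


if __name__ == "__main__":
    # Z can only decrement, so from Zn Duplicator survives exactly n rounds.
    print(rounds_survived("X", 3, "Z", 5, beta=9, limit=50))
    # From Yn a single omega-step already exhausts beta = 1.
    print(duplicator_wins("X", 0, "Y", 0, 40, 1))
    # With beta = 2 Duplicator still survives every finite alpha, because he
    # picks his counter after seeing how many rounds remain.
    print(all(duplicator_wins("X", 0, "Y", 0, k, 2) for k in range(40)))
```

The level $\omega+1$ at which Spoiler wins from $Yn$ lies outside what this finite recursion evaluates; the run only shows that no finite $\alpha$ separates $Xm$ from $Yn$.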

Lemma 9 If Duplicator wins the approximation game from $(pm, qn, \alpha, \beta)$ then he also wins the game from $(pm, qn, \alpha', \beta')$ for any $\alpha' < \alpha$ and $\beta' < \beta$.

Proof If Duplicator has a winning strategy in the game from $(pm, qn, \alpha, \beta)$ then he can use the same strategy in the game from $(pm, qn, \alpha', \beta')$ and maintain the invariant that the pair of ordinals in the game configuration is pointwise smaller than the pair in the original game. Thus Duplicator wins from $(pm, qn, \alpha', \beta')$. □

Lemma 10 $pm \preceq^\beta_\alpha qn$ iff Duplicator has a strategy to win the approximation game that starts in $(pm, qn, \alpha, \beta)$.

Proof We show both directions by well-founded induction on the pairs of ordinals $(\alpha, \beta)$.

For the "only if" direction we assume $pm \preceq^\beta_\alpha qn$ and show that Duplicator wins the game from $(pm, qn, \alpha, \beta)$. In the base case of $\alpha = 0$ or $\beta = 0$ Duplicator directly wins by definition. By induction hypothesis we assume that the claim is true for all pairs pointwise smaller than $(\alpha, \beta)$. Spoiler starts a round by picking ordinals $\alpha' < \alpha$ and $\beta' < \beta$ and moves $pm \xrightarrow{a} p'm'$. We distinguish two cases, depending on whether $\beta$ is a limit or successor ordinal.

Case 1: $\beta$ is a successor ordinal. By Lemma 9 we can safely assume that $\beta' = \beta - 1$. By our assumption $pm \preceq^\beta_\alpha qn$ and Def. 6, there must be a response $qn \xrightarrow{a} q'n'$ that is either due to an $\omega$-transition and then $p'm' \preceq^{\beta'}_{\alpha'} q'n'$ or due to an ordinary transition, in which case we have $p'm' \preceq^{\beta}_{\alpha'} q'n'$. In both cases, we know by the induction hypothesis that Duplicator wins from this next position and thus also from the initial position.

Case 2: $\beta$ is a limit ordinal. By $pm \preceq^\beta_\alpha qn$ and Def. 6, we obtain $pm \preceq^\gamma_\alpha qn$ for all $\gamma < \beta$. If $\alpha$ is a successor ordinal then, by Lemma 9, we can safely assume that $\alpha' = \alpha - 1$. Otherwise, if $\alpha$ is a limit ordinal, then, by Def. 6, we have $pm \preceq^\gamma_{\alpha''} qn$ for all $\alpha'' < \alpha$ and in particular $pm \preceq^\gamma_{\alpha'+1} qn$. So in either case we obtain

$$pm \preceq^{\gamma}_{\alpha'+1} qn \text{ for all } \gamma < \beta. \qquad (2)$$

If there is some $\omega$-transition that allows a response $qn \xrightarrow{a} q'n'$ that satisfies $p'm' \preceq^{\beta'}_{\alpha'} q'n'$, then Duplicator picks this response and we can use the induction hypothesis to conclude that he wins the game from the next position. Otherwise, if no such $\omega$-transition exists, Equation (2) implies that for every $\gamma < \beta$ there is a response to some $q'n'$ that uses a non-$\omega$-transition $t(\gamma)$ and that satisfies $p'm' \preceq^{\gamma}_{\alpha'} q'n'$. Since $\beta$ is a limit ordinal, there exist infinitely many $\gamma < \beta$. By the pigeonhole principle, there must be one transition that occurs as $t(\gamma)$ for infinitely many $\gamma$. Therefore, a response that uses this transition satisfies $p'm' \preceq^{\beta}_{\alpha'} q'n'$. If Duplicator uses this response, the game continues from position $(p'm', q'n', \alpha', \beta)$ and he wins by induction hypothesis.

For the "if" direction we show that $pm \not\preceq^\beta_\alpha qn$ implies that Spoiler has a winning strategy in the approximation game from $(pm, qn, \alpha, \beta)$. In the base case of $\alpha = 0$ or $\beta = 0$ the implication holds trivially since the premise is false. By induction hypothesis we assume that the implication is true for all pairs pointwise smaller than $(\alpha, \beta)$. Observe that if $\alpha$ or $\beta$ are limit ordinals then (by Def. 6) there are successors $\beta' < \beta$ and $\alpha' < \alpha$ s.t. $pm \not\preceq^{\beta'}_{\alpha'} qn$. So without loss of generality we can assume that $\alpha$ and $\beta$ are successors. By the definition of approximants there must be a move $pm \xrightarrow{a} p'm'$ s.t.

• for every possible response $qn \xrightarrow{a} q'n'$ that uses some $\omega$-transition we have $p'm' \not\preceq^{\beta-1}_{\alpha-1} q'n'$,

• for every possible response $qn \xrightarrow{a} q'n'$ via some normal transition it holds that $p'm' \not\preceq^{\beta}_{\alpha-1} q'n'$.

So if Spoiler chooses $\alpha' = \alpha - 1$, $\beta' = \beta - 1$ and moves $pm \xrightarrow{a} p'm'$ then any possible response by Duplicator will take the game to a position $(p'm', q'n', \alpha', \gamma)$ for a $\gamma \le \beta$. By induction hypothesis Spoiler wins the game. □

Lemma 11 For all ordinals $\alpha$, $\beta$ the following properties hold.

1. $pm \preceq^\beta_\alpha qn$ implies $pm' \preceq^\beta_\alpha qn'$ for all $m' < m$ and $n' > n$

2. If $\alpha' > \alpha$ and $\beta' > \beta$ then $\preceq^{\beta'}_{\alpha'} \subseteq \preceq^{\beta}_{\alpha}$.

3. There are ordinals $CA$, $CB$ such that $\preceq_{CA} = \preceq_{CA+1}$ and $\preceq^{CB} = \preceq^{CB+1}$.

The first point states that individual approximants are monotonic in the sense of Proposition 4. Points 2.-4. imply that both $\preceq_\alpha$ and $\preceq^\beta$ yield non-increasing sequences of approximants that converge towards simulation. It is easy to see that the approximants $\preceq_\alpha$ do not converge at finite levels, and not even at $\omega$, i.e., $CA > \omega$ in general. However, we will show that the approximants $\preceq^\beta$ do converge at a finite level, i.e., $CB \in \mathbb{N}$ for any pair of nets.

Proof 1) By Lemma 10 it suffices to observe that Duplicator can reuse a winning strategy in the approximant game from $(pm, qn, \alpha, \beta)$ to win the game from $(p(m - d_1), q(n + d_2), \alpha, \beta)$ for naturals $d_1, d_2$.

2) If $pm \preceq^{\beta'}_{\alpha'} qn$ then, by Lemma 10, Duplicator wins the approximant game from position $(pm, qn, \alpha', \beta')$. By Lemma 9 he can also win the approximant game from $(pm, qn, \alpha, \beta)$. Thus $pm \preceq^{\beta}_{\alpha} qn$ by Lemma 10.

3) By point 2) we see that with increasing ordinal index $\alpha$ the approximant relations $\preceq_\alpha$ form a decreasing sequence of relations, thus they stabilize for some ordinal $CA$. The existence of a convergence ordinal for $\preceq^\beta$ follows analogously.

4) First we observe that $\bigcap_\alpha \preceq_\alpha = \bigcap_\alpha \bigcap_\beta \preceq^\beta_\alpha = \bigcap_\beta \bigcap_\alpha \preceq^\beta_\alpha = \bigcap_\beta \preceq^\beta$. It remains to show that $\preceq = \bigcap_\alpha \preceq_\alpha$.

To show $\preceq \supseteq \bigcap_\alpha \preceq_\alpha$, we use $CA$ from point 3) and rewrite the right side to $\bigcap_\alpha \preceq_\alpha = \preceq_{CA} = \preceq_{CA+1}$. From Definition 6 we get that $\preceq^\gamma_\alpha = \preceq_\alpha$ for $\gamma > \alpha$ and therefore $\preceq^{CA+1}_{CA+1} = \preceq_{CA+1} = \preceq_{CA} = \preceq^{CA}_{CA}$. This means $\preceq_{CA} = \bigcap_\alpha \preceq_\alpha$ must be a simulation relation and hence a subset of $\preceq$.

To show $\preceq \subseteq \bigcap_\alpha \preceq_\alpha$, we prove by ordinal induction that $\preceq \subseteq \preceq_\alpha$ for all ordinals $\alpha$. The base case $\alpha = 0$ is trivial. For the induction step we prove the equivalent property $\not\preceq_\alpha \subseteq \not\preceq$. There are two cases.

In the first case, $\alpha = \alpha' + 1$ is a successor ordinal. If $pm \not\preceq_{\alpha'+1} qn$ then $pm \not\preceq^{\alpha'+1}_{\alpha'+1} qn$ and therefore, by Lemma 10, Spoiler wins the approximant game from $(pm, qn, \alpha' + 1, \alpha' + 1)$. Let $pm \xrightarrow{a} p'm'$ be an optimal initial move by Spoiler. Now either there is no valid response and thus Spoiler immediately wins in the simulation game or for every Duplicator response $qn \xrightarrow{a} q'n'$ we have $p'm' \not\preceq^{\alpha'+1}_{\alpha'} q'n'$. Then also $p'm' \not\preceq_{\alpha'} q'n'$ and by induction hypothesis $p'm' \not\preceq q'n'$. By Proposition 2 we obtain that Spoiler wins the simulation game from $(p'm', q'n')$ and thus from $(pm, qn)$. Therefore $pm \not\preceq qn$, as required.

In the second case, $\alpha$ is a limit ordinal. Then $pm \not\preceq_\alpha qn$ implies $pm \not\preceq_{\alpha'} qn$ for some $\alpha' < \alpha$ and therefore $pm \not\preceq qn$ by induction hypothesis. □

The following lemma shows a certain uniformity property of the simulation game. Beyond 
some fixed bound, an increased counter value of Spoiler can be neutralized by an increased 
counter value of Duplicator, thus enabling Duplicator to survive at least as many rounds in the 
game as before. 

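Lemma 12 For any one-counter net $N = (Q, A, \delta)$ and $\omega$-net $N' = (Q', A, \delta')$ there is a fixed bound $c \in \mathbb{N}$ s.t. for all states $p \in Q$, $q \in Q'$, naturals $m' > m > c$ and ordinals $\alpha$:

$$\forall n.\,(pm \preceq_\alpha qn \implies \exists n'.\ pm' \preceq_\alpha qn') \qquad (3)$$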

Proof It suffices to show the existence of a local bound $c$ for any given pair of states $p, q$ that satisfies (3), since we can simply take the global $c$ to be the maximal such bound over all finitely many pairs $p, q$. Consider now a fixed pair $p, q$ of states. For $m, n \in \mathbb{N}$, we define the following (sequences of) ordinals.

$I(m, n)$ = the largest ordinal $\alpha$ with $pm \preceq_\alpha qn$, or $CA$ if no such $\alpha$ exists,
$I(m)$ = the increasing sequence of ordinals $I(m, n)_{n \ge 0}$,
$S(m) = \sup\{I(m)\}$.

Observe that $I(m, n)$ can be presented as an infinite matrix where $I(m)$ is a column and $S(m)$ is the limit of the sequence of elements of column $I(m)$ looking upwards. Informally, $S(m) = \lim_{i \to \infty} I(m, i)$.

$$
\begin{array}{ccccc}
S(m) & \ge & S(m') & \ge & \cdots \\
\rotatebox{90}{$\le$} & & \rotatebox{90}{$\le$} & & \\
I(m,n') & \ge & I(m',n') & \ge & \cdots \\
\rotatebox{90}{$\le$} & & \rotatebox{90}{$\le$} & & \\
I(m,n) & \ge & I(m',n) & \ge & \cdots
\end{array}
$$

By Lemma 11 (point 1), we derive that for any $n' > n \in \mathbb{N}$ and $m' > m \in \mathbb{N}$

$$I(m, n') \ge I(m, n) \ge I(m', n) \qquad (4)$$

and because of the second inequality also $S(m) \ge S(m')$. So the ordinal sequence $S(m)_{m \ge 0}$ of suprema must be non-increasing and by the well-ordering of the ordinals there is a smallest index $k \in \mathbb{N}$ at which this sequence stabilizes:

$$\forall l > k.\ S(l) = S(k).$$

We split the remainder of this proof into three cases depending on whether $I(k)$ and $I(l)$ for some $l > k$ have maximal elements. In each case we show the existence of a bound $c$ that satisfies requirement (3).

Case 1. For all $l > k$ and $n \in \mathbb{N}$ it holds that $I(l, n) < S(l)$, i.e., no $I(l)$ has a maximal element. In this case $c := k$ satisfies the requirement (3). To see this, take $m' > m > c = k$ and $pm \preceq_\alpha qn$. Then, by our assumption, $\alpha < S(m)$ and $S(m) = S(m') = S(k)$. Therefore $\alpha < S(m')$. Thus there must exist an $n' \in \mathbb{N}$ s.t. $pm' \preceq_\alpha qn'$, as required.

Case 2. For all $l > k$ there is a $n_l \in \mathbb{N}$ such that $I(l, n_l) = S(l)$, i.e., all $I(l)$ have maximal element $S(l) = S(k)$. Again $c := k$ satisfies the requirement (3). Given $m' > m > c = k$ and $pm \preceq_\alpha qn$ we let $n' := n_{m'}$ and obtain $I(m', n') = S(m') = S(k) \ge \alpha$ and thus $pm' \preceq_\alpha qn'$, as required.

Case 3. If none of the two cases above holds then there must exist some $l > k$ s.t. the sequences $I(k), \dots, I(l - 1)$ each have a maximal element and for $l' > l$ the sequence $I(l')$ has no maximal element. To see this, consider sequences $I(x)$ and $I(x')$ with $x' > x > k$. If $I(x')$ has a maximal element then so must $I(x)$, by equation (4) and $S(x) = S(x') = S(k)$. Given this, we repeat the argument of Case 1 with $c := l$ and again satisfy the requirement (3). □

Lemma 13 Consider strong simulation $\preceq$ between a one-counter net $N = (Q, A, \delta)$ and an $\omega$-net $N' = (Q', A, \delta')$. There exists a constant $CB \in \mathbb{N}$ s.t. $\preceq = \preceq^{CB}$.

Proof We assume the contrary and derive a contradiction. By Lemma 11(4), the inclusion $\preceq \subseteq \preceq^\beta$ always holds for every ordinal $\beta$. Thus, if $\nexists CB \in \mathbb{N}.\ \preceq = \preceq^{CB}$ then for every finite $\beta \in \mathbb{N}$ there are processes $p_0m_0$ and $q_0n_0$ s.t. $p_0m_0 \preceq^\beta q_0n_0$ but $p_0m_0 \not\preceq q_0n_0$. In particular, this holds for the special case of $\beta = |Q \times Q'|(c + 1)$, where $c$ is the constant given by Lemma 12, which we consider in the rest of this proof.

Since $q_0n_0$ does not simulate $p_0m_0$, we can assume a winning strategy for Spoiler in the simulation game which is optimal in the sense that it guarantees that the simulation level $\alpha_i$ - the largest ordinal with $p_im_i \preceq_{\alpha_i} q_in_i$ - strictly decreases along rounds of any play. By monotonicity (Lemma 11, part 1) we can thus infer that whenever a pair of control-states repeats along a play, then Duplicator's counter must have decreased or Spoiler's counter must have increased: Along any partial play $(p_0m_0, q_0n_0)(t_0, t'_0)(p_1m_1, q_1n_1)(t_1, t'_1) \dots (p_km_k, q_kn_k)$ of length $k$ with $p_i = p_j$ and $q_i = q_j$ for some $i < j \le k$ we have $n_j < n_i$ or $m_j > m_i$. By a similar argument we can assume that Duplicator also plays optimally, in the sense that he uses $\omega$-transitions to increase his counter to higher values than in previous situations with the same pair of control-states. By combining this with the previously stated property that the sequence of $\alpha_i$ strictly decreases we obtain the following:

$$\text{if } p_i = p_j,\ q_i = q_j \text{ and } t'_{i-1}, t'_{j-1} \in \delta_\omega \text{ then } m_j > m_i. \qquad (5)$$

Here $\delta_\omega$ denotes the set of transitions with symbolic effect $\omega$ in Duplicator's net.

Although Duplicator loses the simulation game between $p_0m_0$ and $q_0n_0$, our assumption $p_0m_0 \preceq^\beta q_0n_0$ with $\beta = |Q \times Q'|(c + 1)$ implies that Duplicator does not lose with less than $\beta$ $\omega$-transitions, regardless of Spoiler's strategy. Thus there always is a prefix of a play along which Duplicator makes use of $\omega$-transitions $\beta$ times. Let $\pi = (p_0m_0, q_0n_0)(t_0, t'_0)(p_1m_1, q_1n_1)(t_1, t'_1) \dots (p_km_k, q_kn_k)$ be such a partial play.

Our choice of $\beta = |Q \times Q'|(c + 1)$ guarantees that some pair $(p, q)$ of control-states repeats at least $c + 1$ times directly after Duplicator making an $\omega$-step. Thus there are indices $i(1) < i(2) < \dots < i(c + 1) \le k$ s.t. for all $1 \le j \le c + 1$ we have $p_{i(j)} = p$, $q_{i(j)} = q$ and $t'_{i(j)-1} \in \delta_\omega$. By observation (5) and $m_0 \ge 0$ we obtain that $m_{i(x)} > x$ for $0 < x < c + 1$. In particular, $c < m_{i(c)} < m_{i(c+1)}$, i.e., both of Spoiler's counter values after the last two such repetitions must lie above $c$. This allows us to apply Lemma 12 to derive a contradiction.

Let $\alpha$ be the simulation level before this repetition: $\alpha$ is the largest ordinal with $pm_{i(c)} \preceq_\alpha qn_{i(c)}$. Since $m_{i(c+1)} > m_{i(c)} > c$, Lemma 12 ensures the existence of a natural $n'$ s.t. $pm_{i(c+1)} \preceq_\alpha qn'$. Because Duplicator used an $\omega$-transition in his last response leading to the repetition of states there must be a partial play $\pi'$ in which both players make the same moves as in $\pi$ except that Duplicator chooses $n_{i(c+1)}$ to be $n'$. Now in this play we observe that the simulation level did in fact not strictly decrease as this last repetition of control-states shows: We have $pm_{i(c)} \preceq_\alpha qn_{i(c)} \not\succeq_{\alpha+1} pm_{i(c)}$ and $pm_{i(c+1)} \preceq_\alpha qn_{i(c+1)}$, which contradicts the optimality of Spoiler's strategy. □

5 The Main Result 

We prove the decidability of simulation between one-counter nets and $\omega$-nets. First, we show that for each finite level $k \in \mathbb{N}$ the approximant $\preceq^k$ is effectively semilinear, i.e., we can compute the semilinearity description of $\preceq^k$. This yields a decision procedure for simulation that works as follows. Iteratively compute $\preceq^k$ for growing $k$ and check after each round if the approximant has converged yet. The convergence test of $\preceq^k = \preceq^{k-1}$ can easily be done, since the approximants are semilinear sets. Termination of this procedure is guaranteed by Lemma 13, and the limit is the simulation relation by Lemma 11 (point 4).

We recall the following important result by Jančar, Kučera and Moller.

Theorem 14 ([11]) The largest strong simulation relation $\preceq$ between processes of two given one-counter nets is effectively semilinear.

Now we construct the semilinear approximants $\preceq^k$.

Lemma 15 Given a one-counter net $N$ and an $\omega$-net $N'$, the approximant relations $\preceq^k$ between them are effectively semilinear sets for all $k \in \mathbb{N}$.

Proof Let $N = (Q, Act, \delta)$ and $N' = (Q', Act, \delta')$. We prove the effective semilinearity of $\preceq^k$ by induction on $k$.

The base case $\preceq^0 = Q \times \mathbb{N} \times Q' \times \mathbb{N}$ is trivially effectively semilinear.

For the induction step we proceed as follows. By induction hypothesis $\preceq^k$ is effectively semilinear. Using this, we reduce the problem of checking $\preceq^{k+1}$ between $N$ and $N'$ to the problem of checking normal strong simulation $\preceq$ between two derived one-counter nets $N_S$ and $N_D$, and obtain the effective semilinearity of the relation from Theorem 14. More precisely, the derived one-counter nets $N_S$ and $N_D$ will contain all control-states of $N$ and $N'$, respectively, and we will have that $pm \preceq^{k+1} qn$ w.r.t. $N, N'$ iff $pm \preceq qn$ w.r.t. $N_S, N_D$.

Before we describe $N_S$ and $N_D$ formally, we explain the function of a certain test gadget used in the construction.



An important observation is that after Duplicator made an $\omega$-move in the approximation game between $N$ and $N'$, the winner of the game from the resulting configuration depends only on the control-states and Spoiler's counter value, because Duplicator could choose his counter arbitrarily high. Moreover, monotonicity (Lemma 11, point 1) guarantees that there must be a minimal value for Spoiler's counter with which he can win if at all. This yields the following property.

For any pair of states $(p, q) \in Q \times Q'$ there must exist a value $M(p, q) \in \mathbb{N} \cup \{\omega\}$ s.t. for all $m \in \mathbb{N}$

$$(\forall n \in \mathbb{N}.\ pm \not\preceq^k qn) \iff m \ge M(p, q) \qquad (6)$$

Since, by induction hypothesis, $\preceq^k$ (and thus also its complement) is effectively semilinear, we can compute the values $M(p, q)$ for all $(p, q) \in Q \times Q'$.

The test gadgets. Given the values $M(p, q)$, we construct test gadgets that check whether Spoiler's counter value is $\ge M(p, q)$. For each $(p, q) \in Q \times Q'$ we construct two one-counter nets $S(p, q)$ and $T(p, q)$ with initial states $s(p, q)$ and $t(p, q)$, respectively, such that the following property holds for all $m, n \in \mathbb{N}$.

$$s(p, q)m \not\preceq t(p, q)n \iff m \ge M(p, q) \qquad (7)$$

The construction of $S(p, q)$ and $T(p, q)$ is very simple. Let $s(p, q)$ be the starting point of a counter-decreasing chain of $e$-steps of length $M(p, q) \in \mathbb{N}$ where the last state of the chain can make an $f$-step whereas $t(p, q)$ is a simple $e$-loop (where $e$, $f$ are fresh actions not in $Act$). If $M(p, q) = \omega$, making $s(p, q)$ a deadlock suffices. Thus $S(p, q)$ and $T(p, q)$ are one-counter nets, denoted by $S(p, q) = (Q_{S(p,q)}, Act_{S(p,q)}, \delta_{S(p,q)})$ and $T(p, q) = (Q_{T(p,q)}, Act_{T(p,q)}, \delta_{T(p,q)})$. Wlog. we assume that their state sets are disjoint from each other and from the original nets $N, N'$.

The construction of $N_S$ and $N_D$. Let $N_S = (Q_S, Act', \delta_S)$ and $N_D = (Q_D, Act', \delta_D)$ be one-counter nets constructed as follows. $Act' = Act \cup Q \times Q' \cup \{f, e\}$ (where $e$, $f$ are the actions from the test gadgets). Spoiler's new net $N_S$ has states

Duplicator's new net $N_D$ has states

$$Q_D = Q' \cup \{W\} \cup \bigcup_{p \in Q,\, q \in Q'} Q_{T(p,q)} \qquad (9)$$

where $W$ is a new state.

Now we define the transition relations. $\delta_S = \delta \cup \bigcup_{p \in Q,\, q \in Q'} \delta_{S(p,q)}$ plus the following transitions for all $p \in Q$, $q \in Q'$:

p^s{p,q) (10) 

$\delta_D = \{q \xrightarrow{a,x} q' \in \delta' \mid x \ne \omega\} \cup \bigcup_{p \in Q,\, q \in Q'} \delta_{T(p,q)}$ plus the following transitions for all $p, p' \in Q$ and $q, q' \in Q'$:

q-^t{p,q') , ifq^q'ed' (11) 

,(^^'V (12) 

tip,q)^'^\p,q) (13) 

t{p, q) ^^-^' V for all q ^ q' (14) 

t{p, q) ^W for all a G Act (15) 

VF^VF forallaG^ci' (16) 

Correctness proof. We show that for any pair pm, qn of configurations of the nets N, N' we 
have pm ^^+^ qn if and only if pm :< qn in the newly constructed nets Ns, Nd. 

To prove the 'if direction we assume that pm ^ ~^^ qn w.r.t. N, N' and derive that pm -^ qn 
w.r.t. NsjNf). By our assumption and Definition 6, there exists some ordinal a s.t. pm 2^^^^ 
qn. By Lemma 10, Spoiler has a winning strategy in the approximation game from position 
{pm, qn, a,k + 1). The result then follows from the following general property. 

Property PI. For all ordinals a, control-states {p,q) G Q x Q' and naturals m,n £ N: If 
Spoiler has a winning strategy in the approximation game from position {pm, qn, a,k+ 1) then 
he also has a winning strategy in the strong simulation game between Ns,N£) from position 
{pm,qn). 

Proof To prove PI, we fix some p £ Q,q £ Q' and proceed by ordinal induction on a. The 
base case trivially holds since Spoiler looses from a position (pm, qn, 0, A; + 1). 

For the induction step let Spoiler play the same move $pm \xrightarrow{a} p'm'$ for some $a \in Act$ in
both games according to his assumed winning strategy in the approximation game. Now Duplicator
makes his response move in the new game between $N_S, N_D$, which yields two cases.
In the first case, Duplicator does not use a transition from Equation (11). Then his move
induces a corresponding move in the approximation game which leads to a new configuration
$(p'm', q'n', \alpha', k+1)$ where $p'm' \not\preceq^{k+1}_{\alpha'} q'n'$ for some ordinal $\alpha' < \alpha$. Thus, by Lemma 10 and
the induction hypothesis, the property holds.

In the second case, Duplicator's response is via a transition from Equation (11), which leads
to a new configuration $(p'm', t(p'', q')n)$ for some $p'' \in Q$. Thus in the approximants game there
will exist Duplicator moves to positions $(p'm', q'n', \alpha', k)$ where $n' \in \mathbb{N}$ can be arbitrarily high.
We can safely assume that Duplicator chooses $p'' = p'$, since otherwise Spoiler can win in one
round by playing $p'm' \xrightarrow{(p',q')}$. Now in the following round Spoiler can play $p'm' \xrightarrow{(p',q')} s(p', q')m'$ by
Equation (10) and Duplicator's only option is to stay in his current state by Equation (13). The
game thus continues from $(s(p', q')m', t(p', q')n)$. By our assumption Spoiler wins the approximation
game from the position $(pm, qn, \alpha, k+1)$. Thus there is some ordinal $\alpha' < \alpha$ s.t. Spoiler
also wins the approximation game from the position $(p'm', q'n', \alpha', k)$ for every $n' \in \mathbb{N}$. Thus,
by Lemma 10 and Definition 6, we have $p'm' \not\preceq^{k}_{\alpha'} q'n'$ and by Lemma 11 (item 2) $p'm' \not\preceq^{k} q'n'$
for all $n' \in \mathbb{N}$. By Equation (6) we obtain $m' > M(p', q')$. By the construction of the gadgets
and Equation (7) we get $s(p', q')m' \not\preceq t(p', q')n$, which implies the desired property. □

This concludes the proof of the 'if' direction. Now we prove the 'only if' direction of the correctness
property. We assume that $pm \not\preceq qn$ in the newly constructed nets $N_S$ and $N_D$ and derive that
$pm \not\preceq^{k+1} qn$ w.r.t. $N, N'$. To do this, we first show the following general property.
Property P2. If $pm \not\preceq qn$ with respect to nets $N_S$ and $N_D$ then there exists some general
ordinal $\alpha'$ s.t. $pm \not\preceq^{k+1}_{\alpha'} qn$ with respect to nets $N, N'$.

Proof. Assume $pm \not\preceq qn$ with respect to
nets $N_S$ and $N_D$. Since both $N_S, N_D$ are just one-counter nets, non-simulation manifests itself
at some finite approximant $\alpha \in \mathbb{N}$, i.e., $pm \not\preceq_{\alpha} qn$. We prove property P2 by induction on $\alpha$.
The base case of $\alpha = 0$ is trivial. For the induction step we consider a move $pm \xrightarrow{a} p'm'$ for
some $a \in Act$ by Spoiler in both games according to Spoiler's assumed winning strategy in the
game between $N_S, N_D$ (It cannot be a Spoiler move $p \xrightarrow{(p,q)} s(p, q)$ by Equation (10), because
Duplicator would immediately win via a reply move by Equation (12)). Now we consider all
(possibly infinitely many) replies by Duplicator in the approximation game between $N, N'$ from
a position $(pm, qn, \alpha', k+1)$ for some yet to be determined ordinal $\alpha'$. These replies fall into
two classes.

In the first class, Duplicator's move $qn \xrightarrow{a} q'n'$ is not due to an $\omega$-transition and thus also a
possible move in the strong simulation game between $N_S, N_D$. From our assumption that Spoiler
wins the strong simulation game from position $(pm, qn)$ in at most $\alpha$ steps, it follows that Spoiler
wins the strong simulation game from $(p'm', q'n')$ in at most $\alpha - 1$ steps. By induction hypothesis,
there exists an ordinal $\alpha''$ s.t. Spoiler has a winning strategy in the approximation game for
<^ between N, N' from position {p'm', q'n'). There are only finitely many such replies. Thus 
let q" be the maximal such a". 

In the second class, Duplicator's move $qn \xrightarrow{a} q'n'$ uses an $\omega$-transition which does not exist
in $N_D$. Instead there exists a Duplicator transition $qn \xrightarrow{a} t(p'', q')n$ by Equation (11). From our
assumption that Spoiler wins the strong simulation game from position $(pm, qn)$ in at most $\alpha$
steps, it follows that Spoiler wins the strong simulation game from $(p'm', t(p'', q')n)$ in at most
$\alpha - 1$ steps. If $p'' \neq p'$ then this is trivially true by a Spoiler move by Equation (10). Otherwise,
if $p'' = p'$, then this can only be achieved by a Spoiler move of $p'm' \xrightarrow{(p',q')} s(p', q')m'$ in the
next round, because for any other Spoiler move Duplicator has a winning countermove by Equations
(14) or (15). In this case Duplicator can only reply with a move $t(p', q')n \xrightarrow{(p',q'),0} t(p', q')n$
by Equation (13), and we must have that Spoiler can win in at most $\alpha - 2$ steps from position
$(s(p', q')m', t(p', q')n)$. This implies, by Equation (7), that $m' > M(p', q')$. Then Equation (6)
yields $\forall n \in \mathbb{N}.\ p'm' \not\preceq^{k} q'n$. Thus for every $n \in \mathbb{N}$ there exists some ordinal $\alpha_n$ s.t. $p'm' \not\preceq^{k}_{\alpha_n} q'n$.
Let a" be the smallest ordinal s.t. Vn G N. a^ < «"■ Each of the finitely many distinct 
w-transitions yields such an a" . Let a^ be the maximum of them. 

We set a' := max(a^,a^) -|- 1. Then every reply to Spoilers move pm — >p'm' in the ap- 
proximation game from {pm,qn,a' ,k + 1) leads to some position that is winning for Spoiler. 
So, Spoiler has a winning strategy in the approximation game from {pm,qn,a' ,k + 1) and by 
Lemma 10, pm ^^, qn w.r.t. N, N' , which concludes the proof of property P2. □ To 

show the 'only if' direction of the correctness property, we assume that $pm \not\preceq qn$ in the newly
constructed nets $N_S, N_D$. By property P2 we have $pm \not\preceq^{k+1}_{\alpha'} qn$ for some ordinal $\alpha'$ and thus
$pm \not\preceq^{k+1} qn$ w.r.t. $N, N'$. This concludes the 'only if' direction.

We have constructed one-counter nets $N_S, N_D$ s.t. $pm \preceq^{k+1} qn$ w.r.t. $N, N'$ if and only if
$pm \preceq qn$ w.r.t. $N_S, N_D$. By Theorem 14, $\preceq^{k+1}$ is effectively semilinear. □

Theorem 16 The largest weak simulation over processes of a given one-counter net is effectively
semilinear and thus decidable.

Proof. By Theorem 5 it suffices to show that the largest strong simulation relation $\preceq$ between
a one-counter net $N$ and an $\omega$-net $N'$ is effectively semilinear. By Lemma 15, we can iteratively
compute the semilinearity description of the approximants $\preceq^{k}$ for $k = 0, 1, 2, \dots$. Convergence
can be detected by checking if $\preceq^{k} = \preceq^{k+1}$, which is effective because equality is decidable for
semilinear sets. Termination (i.e., eventual convergence at a finite index) of this procedure
is guaranteed by Lemma 13, and the reached limit is the semilinear simulation relation by
Lemma 11 (item 4). □

6 Approximant Convergence at $\omega^2$

We show that ordinary weak simulation approximants ^^ converge at level a = w^ on OCN. 

Lemma 17 When considering relations between a one-counter net and an $\omega$-net, we have
$\preceq_{\omega i} \subseteq \preceq^{i}$ for every $i \in \mathbb{N}$.

Proof By induction on i. The base case of i = is trivial, since ^^ is the full relation. We 
prove the inductive step by assuming the contrary and deriving a contradiction. Let pm :<^- qn 
and pm -^ qn for some i > 0. Then there exists some ordinal a s.t. pm 2^^ qn. Without 
restriction let a be the least ordinal satisfying this condition, li a < uoi then we trivially have 
a contradiction. Now we consider the case a > oji. By pm -f^^ qn and Lemma 10, Spoiler has a 
winning strategy in the approximant game from position (pm,qn,a,i). Without restriction we 
assume that Spoiler plays optimally, i.e., wins as quickly as possible. Thus this game must reach 
some game position (p'm' , q'n' , a' + l,i) where a' > ojiisa limit ordinal, such that Spoiler can win 
horn {p' m' , q' n' , a' + 1 , i) hut not bom (p' m' , q' n' , a' , i) . I.e., p'm' :^'''^,,^ q'n' , hut p'm.' ^^, q'n'. 
Consider Spoiler's move p'm' — >p"m" according to his optimal winning strategy in the game 
from position (p' m' , q' n' , a' + l,i). Since p'm' ^^, q'n' and a' is a limit ordinal, for every 
ordinal ^k < ct' , Duplicator must have some countermove q'n' — ^qk^k s.t. p"m" ^l^, qknk, 
where j = i — 1 if the move was due to an w-transition and j = i otherwise. In particular, 
sup^{7fc} = a' . However, since Spoiler's move p'm' — >p"m" was according to his optimal 
winning strategy from position {p' m' , q' n' , a' + l,i), we have that p"m" 7^^, qknk. Therefore, 
there must be infinitely many different Duplicator countermoves q'n' — >qknk- Infinitely many 
of these countermoves must be due to an w-transition, because apart from these the system 
is finitely branching. Thus for every ordinal 7 < a' there is some Duplicator countermove 
q'n' — >qkf^k which is due to an w-transition s.t. p"m" ^iT^""^ Qk^^k where 7^ > 7 (note the 
i — 1 index due to the cu-transition). In particular, we can choose 7 = (jj{i — 1), because 
i > and a' > uii. Then we have p"m" ^*~j^ _-,n qknk, but p"m" -f^", qk^k- However, from 

p"m" ^*^ -,-, qknk and the induction hypothesis, we obtain p"m" ^*~^ Iknk and in particular 
p"m" ^^ Qknk- Contradiction. D 

Theorem 18 Weak simulation approximants on OCN converge at level $\omega^2$, but not earlier in
general.

Proof First we show that ^ 2 is contained in ^ for OCN. Let pm and qn be processes of 
OCN M and N, respectively. Let M',N' be the derived OCN and w-net from Theorem 5. 
Assume pm ^ 2 Qn w.r.t. M,N. Then, by point 2) of Theorem 5, pm :< 2 Qn w.r.t. M',N'. 
In particular we have pm :^^^CB 9^ w.r.t. M',N', with the CB £ N from Lemma 13. From 
Lemma 17 we obtain pm ^^^ qn w.r.t. M',N'. Lemma 13 yields pm ^ qn w.r.t. M',N'. 
Finally, by Theorem 5, we obtain pm ^ qn w.r.t. M, N. 

To see that w^ is needed in general, consider the following class of examples. Let p — >p 
define a simple OCN (actually even a finite system). For every i G N we define an OCN iVj with 
transitions {qk,a,-l,qk), {qk-i,T,Q,q'f,_^), {q'i^_^,T,l,q'i^_^), and {q'k_i,a,0,qk) for all k with 
1 < k < i. Then, for the net Ni, we have p ^^- q^O, but p % ggO. Thus in general ^ 7^ ^^^ for 
any i G N. □ 
7 Undecidability of Trace Inclusion and Equivalence

For any process $\alpha$ we write $T(\alpha)$ for the set $\{w \in Act^* \mid \exists \beta.\ \alpha \xrightarrow{w} \beta\}$ of traces of $\alpha$. We consider
trace inclusion and equivalence checking for OCN, which was stated as an open question in [4].
We show that both problems are undecidable for OCN by a reduction from the containment
problem for weighted automata [2].

Definition 19 (Weighted Automata) A weighted finite automaton (WFA) is a tuple $(Q, \Sigma, \delta, q_0)$
where $Q$ is a finite set of states, $\Sigma$ a finite alphabet, $q_0 \in Q$ an initial state and $\delta \subseteq Q \times \Sigma \times \mathbb{N} \times Q$
a transition relation. If $(p, a, d, p') \in \delta$ the automaton can go from $p$ to $p'$ reading a symbol
'a' with reward $d \in \mathbb{N}$. A run of $A$ on a word $w = w_0 w_1 \dots w_n \in \Sigma^*$ is a sequence
$(q_i, w_i, d_i, q_{i+1})_{0 \le i \le n} \in \delta^*$ of transitions. The value of such a run is $\sum_{i=0}^{n} d_i$. The value $L(A, w)$
of a word $w \in \Sigma^*$ is the maximal value of any run on $w$.

We say that the language of WFA $A$ is contained in that of WFA $B$ (over the same alphabet
$\Sigma$), $L(A) \subseteq L(B)$, iff for all words $w \in \Sigma^*$, $L(A, w) \le L(B, w)$. Checking $L(A) \subseteq L(B)$ is
undecidable [2] (Theorem 4). The next result is a direct consequence.

Theorem 20 Trace inclusion/equivalence between OCN processes is undecidable. 

Proof Inclusion can trivially be reduced to equivalence for nondeterministic systems like OCN. 
Thus we show undecidability of inclusion by reduction from WFA containment. The idea is 
to encode the WFA as OCN, using the counter as accumulator. To ensure a faithful encoding 
of WFA containment, the OCN can at any point jump to a gadget that compares the counter 
values. 

Given WFA $A = (Q_A, \Sigma, \delta_A, q_A)$ and $B = (Q_B, \Sigma, \delta_B, q_B)$ we construct nets $A'$ and $B'$ with
states $Q_A \cup \{D\}$ and $Q_B \cup \{D\}$ resp., over alphabet $Act = \Sigma \cup \{d\}$ where $d$ is a fresh symbol.

We add transitions D ^— t-D to both nets as well as q ^— J-Z) for any original state. We argue that 
$L(A) \subseteq L(B)$ if and only if $T(q_A(0)) \subseteq T(q_B(0))$.

Assume a witness $w$ with $L(A, w) = v > L(B, w)$. Then there is a run of $A$ on $w$ with
a value higher than that of any run of $B$ on $w$. So the word $w d^{v}$ must be a valid trace from
$q_A(0)$, but not from $q_B(0)$. Conversely, if $L(A, w) \le L(B, w)$ for all $w \in \Sigma^*$, then for any run of
$A'$ there is a run of $B'$ over the same sequence of actions which accumulates a higher or equal
counter value. Thus no such word can be extended to a counterexample for trace inclusion by
appending finitely many $d$'s. □

8 Comparing OCN/OCA and Finite Systems 

Simulation. First we consider checking strong/weak simulation between OCN/OCA and finite 
systems, and vice-versa. 

Theorem 21 Checking if a finite-state process weakly simulates a OCN process is in P. 

Proof. It suffices to first replace the step relation in the finite system with its weak closure
so that $q \stackrel{a}{\Rightarrow} q' \iff q \stackrel{a}{\rightarrow} q'$ and then check if the resulting finite system strongly simulates
the net. The finiteness of the state space allows us to compute the weak closure in polynomial
time. A polynomial time algorithm for checking strong simulation between OCN and finite-state
processes can be found in [16]. □

For the other direction, checking if a OCN process weakly simulates a finite-state process, 
we show that it suffices to consider a finite version of the net where the counter is capped 
at a polynomially bounded level. The crucial observation is that monotonicity implies that
Duplicator must be able to ensure that his counter never decreases along any partial play that 
repeats control-states. 

Definition 22 Let $N = (Q, Act, \delta)$ be a OCN and $l \in \mathbb{N}$. The $l$-capped version of $N$ is
the finite system $N_l = (Q_l, \rightarrow)$ with states $Q_l = \{(q, n) \mid q \in Q, n \le l\}$ and transitions
$(q, n) \xrightarrow{a} (q', \min\{n', l\})$ iff $qn \xrightarrow{a} q'n'$.

It is easy to see that $N_l$ can be constructed from $N$ in time proportional to $l \times |N|$. For $n, l \in \mathbb{N}$
we observe the following properties.

Proposition 23 

1. {q,mm{n,l}) ^ qn, 

2. qn ^i {q,min{n,l}), 

3. (g, min{n, /}) ^ (g, min{n + 1, /}). 

We continue to show that Duplicator can be assumed to play optimally in a sense that 
depends on cycles in the underlying control graphs. Consider a simulation game between a 
finite process and a OCN process (or its c-capped version). 

Definition 24 A partial play tt = (pQ, 9o^o)(iO) *o) • • • (Ph qi^l) is a cycle if pQ = pi and qo = qi- 
It is decreasing if no > ni. 

Similarly, if Duplicator plays on a c-capped version of the net, the play it = (po, {%, minjno, c})) 
(to,io) • • • {pi, {qi,in.m{ni,c})) is a cycle if po = pi and qo = qi and is decreasing if the second 
component of Duplicator's state decreases. A cycle is called simple if no proper subsequence is 
itself a cycle. The length of simple cycles is bounded by \S x Q\, where S is the set of states of 
the finite-state process. 

Lemma 25 Suppose p ^ qn. Then Duplicator has a winning strategy in the weak simulation 
game that moreover guarantees the following properties in every play. 

1. No round decreases the counter by more than $|Q| * 2 + 1$.

2. Every simple cycle is non-decreasing.

Proof A weak step so{nio) ^^ti{ni) by Duplicator is due to some sequence soinio) — >si{mi) 
— > . . . — >si{mi) — >tQ{nQ) — >ti{ni) — > . . . — >tk{nk). By monotonicity it is suboptimal for 
Duplicator to decrease the counter when silently moving from state Si to Sj = Sj (or from tj to 
tj = ti) for i < j. Also, we can safely assume that a weak step as above will be non-decreasing 
if there are indices i < j with Sj = Sj and nii < rrij (or ti = tj and ni < nj). Therefore, if the 
weak step decreases the counter, both silent paths will be acyclic and hence no longer than \Q\. 
Such a step cannot decrease the counter by more than |(5| * 2 -|- 1. 

For the second point observe that if Duplicator cannot avoid the next simple cycle to be 
decreasing, then Spoiler must have some strategy to enforce cycles to be decreasing. Such a 
strategy must be winning for Spoiler as it eventually exhausts Duplicator's counter. □ 

The next lemma uses the previously stated optimality assumption to show that we only 
need to consider a polynomially capped net to determine if a OCN process weakly simulates a 
finite-state process. 






Lemma 26 For any pair $F = (S, \rightarrow)$, $N = (Q, Act, \delta)$ of a finite-state system and OCN resp.,
there is a fixed polynomial bound $c$ such that for all $n \in \mathbb{N}$:

p ^ qn <;=^ p ^ (q, niin{n, c}) 

and $(q, \min\{n, c\})$ is a state of the $c$-capped version $N_c$ of $N$.

Proof The "if" direction follows directly from Proposition 23 (point 1). For the other direction 
we show that c := 2{\Q\ *2 + 1)(|<S' x Q\) + 1 suffices to contradict p ^ qn and p % (g, min{n, c}). 
p ^ qn implies p ^^ qn and by Proposition 23 (2) we have p ^^ (g,min{n, c}). Moreover, 
Duplicator has an optimal strategy in the sense of Lemma 25. We see that using the same 
strategy in the game p vs. (q, min{n, c}) guarantees that 

1. No round decreases the second component of Duplicator's state by more than |Q| * 2 + 1. 

2. For any simple cycle between game positions pi, {qi,ni) and pj, {qj,nj) it holds that rij > nj 

or Uj > c- {\Q\ *2 + 1) * {\S X Q\). 

To see the second point observe that the only way a simple cycle can be decreasing is because
some of its increases are dropped due to the counter being at its limit $c$. Then point 1 implies
$n_j > c - (|Q| * 2 + 1)(|S \times Q|)$ because the length of simple cycles is bounded by $|S \times Q|$.
By our assumption p % (q, min{n, c}), we can consider a play 

TT = {po, (go, no))(to, io)(pi, (gi, ni))(ti, 4) . . . {pi, {qi, n/)) 

where po = P and (qo, uq) = (q, min{n, c}), along which Duplicator plays optimally as described 
above and which is winning for Spoiler in the smallest possible number of rounds. 

Since c > \S x Q\, we know that n must contain cycles as otherwise I < \S x Q\ and thus 
p ^g (g,min{n,c}) contradicts that tt is won by Spoiler. So assume the last simple cycle in 
IT is between positions i and j. We know that Uj < m, as otherwise omitting this last cycle 
results in a shorter winning play for Spoiler by monotonicity. This means that Uj must be 
> c— (|(5|*2 + l)(|5x(5|) by Observation 2. Because the play between rounds j and / is shorter 
than \S X Q\ rounds, Observation 1 implies rii > c — 2{\Q\ * 2 + 1)(|'S' x Q\) > 0. 

But now observe that the last position pi, {qi,ni) must be directly winning for Spoiler. That 
is, for some action a holds that pi — >p' and {qi,ni) -f^. But because n/ > 0, we know that also 
qiTii -f^ in the original OCN process. This contradicts our assumption that Duplicators original 
strategy in the unrestricted game was winning. □ 

Theorem 27 Checking if a OCN process weakly simulates a finite-state process can be done in 
polynomial time. 

Proof To check if p ^ qn holds we can by Lemma 26 equivalently check p ^ {q, min{n, c}) 
where (g,min{n,c}) is a state of a polynomially bounded finite system Nc- Checking weak 
simulation between two finite processes is in P. D 
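
The procedure behind Lemma 26 and Theorem 27, as an added example that is not code from the paper: cap the net at c = 2(|Q|*2+1)(|S x Q|)+1 as in Definition 22, give Duplicator weak steps, and compute the largest simulation as a greatest fixpoint. The tuple encoding of transitions, all function names and the sample systems (one modelled on the i = 1 net in the proof of Theorem 18, one constructed pumping net) are assumptions of this example.

```python
from itertools import product

TAU = "tau"  # name chosen here for the silent action


def lemma26_cap(num_fin_states, num_net_states):
    """The bound c := 2(|Q|*2 + 1)(|S x Q|) + 1 from the proof of Lemma 26."""
    return 2 * (2 * num_net_states + 1) * (num_fin_states * num_net_states) + 1


def capped_system(ocn, cap, extra_states=()):
    """Definition 22: (q, n) -a-> (q', min(n', cap)) iff qn -a-> q'n' in the net.

    ocn is a list of transitions (q, action, effect, q') with effect in {-1, 0, 1}.
    """
    states = {x for (q, _, _, q2) in ocn for x in (q, q2)} | set(extra_states)
    trans = {(q, n): set() for q in states for n in range(cap + 1)}
    for (q, a, d, q2) in ocn:
        for n in range(cap + 1):
            if n + d >= 0:  # the counter never drops below zero
                trans[(q, n)].add((a, (q2, min(n + d, cap))))
    return trans


def weak_steps(trans):
    """Weak closure: tau* for the silent action, tau* a tau* for visible a."""
    reach = {s: {s} for s in trans}
    changed = True
    while changed:  # saturate the sets of states reachable by silent steps
        changed = False
        for s in trans:
            for u in list(reach[s]):
                for (a, v) in trans[u]:
                    if a == TAU and v not in reach[s]:
                        reach[s].add(v)
                        changed = True
    weak = {s: {TAU: set(reach[s])} for s in trans}
    for s in trans:
        for u in reach[s]:
            for (a, v) in trans[u]:
                if a != TAU:
                    weak[s].setdefault(a, set()).update(reach[v])
    return weak


def weak_simulation(fin, dup):
    """Largest relation where every step s -a-> s' of fin is answered by a
    weak step t =a=> t' of dup that stays inside the relation."""
    weak = weak_steps(dup)
    rel = set(product(fin, dup))
    changed = True
    while changed:  # greatest fixpoint: drop pairs Spoiler can attack
        changed = False
        for (s, t) in list(rel):
            for (a, s2) in fin[s]:
                if not any((s2, t2) in rel for t2 in weak[t].get(a, ())):
                    rel.discard((s, t))
                    changed = True
                    break
    return rel


def ocn_weakly_simulates(fin, p, ocn, q, n):
    """Does the OCN process qn weakly simulate state p of the finite system?

    fin maps every finite-system state to its set of (action, successor) pairs.
    """
    net_states = {x for (s, _, _, t) in ocn for x in (s, t)} | {q}
    cap = lemma26_cap(len(fin), len(net_states))
    dup = capped_system(ocn, cap, extra_states={q})
    return (p, (q, min(n, cap))) in weak_simulation(fin, dup)


# Constructed sample systems.
FIN_LOOP = {"p": {("a", "p")}}  # a single state with an a-labelled loop
# Modelled on the i = 1 net in the proof of Theorem 18: pump silently, then
# commit to a counter value and count it down with a-steps.
N1 = [("q1", "a", -1, "q1"), ("q0", TAU, 0, "q0'"),
      ("q0'", TAU, 1, "q0'"), ("q0'", "a", 0, "q1")]
# A net that can always refill its counter silently before the next a-step.
PUMP = [("q", TAU, 1, "q"), ("q", "a", -1, "q")]
```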

Trace Inclusion. Now we consider checking strong/weak trace inclusion between finite-state
systems and OCA/OCN. It is undecidable whether an OCA contains the strong/weak traces of
a finite-state system [22]. However, it is decidable whether a Petri net contains the strong/weak
traces of a finite-state system [10], and thus the question is decidable for OCN.

Now we consider the other direction of trace inclusion. We show that checking whether a 
finite-state system contains the strong/weak traces of an OCA is PSPACE complete. For this we 
recall some structural properties of OCA processes. We write pm — >f^ qn for OCA configurations 
pm and qn if there is a path of length k from pm to qn. A path is positive if at most the last
visited configuration has counter value 0, i.e., no step is due to a transition in $\delta_0$. We write
pm — >f^ qn if there is a positive path of length k from pra to qn. 

Lemma 28 ([5], Lemma 5) Consider a OCA with stateset Q and letp,q € Q. If pi — f qO 

then pi — >j^ qO for some k < IQP- 

Lemma 29 Consider a OCA {Q,Act,5,5Q) where K = \Q\ and p,q G Q. If pm — f qn for 
some n G N then pm — >-^ qn' for some n' and k < max{r7T,, 1}5K'^. 

Proof We distinguish two cases depending on whether there is a positive minimal path from 
pm to qn. 

Case 1: There is a positive minimal path witnessing pm — >* qn. Consider such a path 
{po'mo), iPiiTT-i), . . . , (pkiTT-k) from pm = poniQ to qn = Pk'mk- We know that there is a path from 
p to g in the control graph of the automaton that uses transitions in 6 only. So there must be 
such a path in the control graph that is no longer than K. Thus, \i m> K, then there is a n' 
such that pm — \ qn' for some k < K. Otherwise, \i m < K, we observe that 

if pm — w'inn! then p{m + 1) — \p'{m' + 1). (17) 

After at most K steps, our minimal path will repeat some control-state pj = pi at positions 
j < I < K. By minimality and point (17) we can assume that nij < mi. Therefore, after at 
most K such repetitions the counter will reach a value > K, and thus, by the first case above, 
the remaining path must be of length < K. This allows us to bound the length of the minimal 
path from pm to control-state q by K^ + K. 

Case 2: No minimal path witnessing pm — f qn is positive. Consider a minimal path 
{PoViIq), (pimi), . . . , {pk'nik) from pm = poniQ to qn = Pkink and let zq, ii, . . . , i; be exactly those 
indices with nii. =0. We split the path into phases pomo — ^* Piofnio^ Pi 'mi +i — >■* Pii-,i~,'mi\ 
for < ?' < / and Pi,,,T.mi.,,^. — ^ Pk^^k and consider the first, the last and the intermediate 
phases separately. 

First phase. The path porriQ — >* Pioniig can be split into parts qj^niQ — j) — f qj^i{mQ — 
(j -|- 1)) for < j < niQ and qo = pQ and q^^ = Pi^, by considering the first occasions where the 
counter value reaches rriQ — j. In particular, inside the path qj{mo — j) — f qj-\-i{mQ — {j + 1)) 
the counter value does not drop below rriQ — j before the last step. By Lemma 28 and point 
(17) there exists a path qj{mo — j) — f qj-^^l{mo — (j -|- 1)) of length < K"^. Thus the path 
Potuq — >* Piofn^^ can be bounded by length mK^. 

Intermediate phases. These are paths from some configuration pjO to pi Q. Such a path 
is either of length 1, or the first step increases the counter, i.e., pjO — )■ q\ for some control-state 
q. In the latter case, by minimality and Lemma 28 we can bound the path from q\ to Pi,.,y.Q 
by K^. Thus we can bound the path pj to j)j by K^ + 1. Note that there can only be 
at most K such intermediate phases, because the path would otherwise repeat a configuration 
which would contradict its minimality. 

Last phase. The last phase is a positive path. Like in Case 1) we can bound its length by 
K'^ + K. 

To conclude, the length of the shortest witness for pm — f qn is bounded by niK'' + K{K^ + 
l) + K'^ + K < max{m, l]bK'^. D 

Theorem 30 Checking strong trace inclusion T{pm) C T{q) or weak trace inclusion T{pm) ^ 
T{q) for a OCA process pm and a finite process q is PSPACE complete. 
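Table 1: Decidability of preorders and equivalences on finite-state systems, OCN and OCA, resp. New results in boldface.

| Relation | FS | OCN | OCA |
|---|---|---|---|
| strong bisimulation | P-complete [19] | PSPACE-complete [21, 3] | PSPACE-complete [21, 3] |
| weak bisimulation | P-complete [19] | undecidable [17] | undecidable [17] |
| strong simulation | P-complete [19] | decidable [1, 11], PSPACE-hard [21] | undecidable [13] |
| weak simulation | P-complete [19] | decidable | undecidable [13] |
| strong/weak trace inclusion | PSPACE-compl. [18] | undecidable | undecidable [22] |

Table 2: Known results on checking simulation, weak simulation and trace inclusion between
one-counter and finite systems.

| Relation | OCN | OCA |
|---|---|---|
| strong bisimulation with FS | P-complete [15] | P-complete [15] |
| weak bisimulation with FS | $P^{NP}$-complete [8] | $P^{NP}$-complete [8] |
| strong simulation with FS (both directions) | P-complete [16] | PSPACE-complete [20, 21] |
| weak simulation with FS (both directions) | P-complete | PSPACE-complete [20, 21] |
| strong/weak traces of OCN/OCA contained in FS | PSPACE-complete | PSPACE-complete |
| strong/weak traces of FS contained in OCN/OCA | decidable [10] | undecidable [22] |
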

Proof A PSPACE lower bound holds already for strong trace inclusion of finite-state systems 
[18]. The weak trace inclusion problem T{pm) ^ T{q) can trivially be reduced to the strong one 
by taking the transitive closure of the finite system w.r.t. invisible transitions. It remains to 
show a PSPACE upper bound for the problem T{pm) C T{q). Let pm be a configuration of the 
OCA A = (Q, Act, 6, 5o) and q a state of the NFA B = {S, Act, 5) and let B denote the powerset 
automaton of B. 

To check if $T(pm) \not\subseteq T(q)$ holds we can equivalently test $T(pm) \cap T(q)^{c} \neq \emptyset$. That is, if in
the product automaton $A \times B$ some control-state $(p', \emptyset)$ is reachable from initial configuration
$(p, \{q\})m$. This can be checked by nondeterministically guessing a path stepwise. The finite
control of the automaton $A \times B$ is bounded by $K := |Q| * 2^{|S|}$. By Lemma 29 we know that the
shortest path that witnesses such a control-state reachability is bounded by B := max{?7i, l}5i^^. 
This bounds the number of steps we need to consider until we can safely terminate and conclude 
that in fact trace inclusion holds. B is polynomial in m and \Q\ and exponential in IS*]. However, 
we need only polynomial space to store a configuration oi A x B (with control-state numbers 
and counter values encoded in binary) and the binary coded values of the search-depth and its 
bound B. Thus we can check the condition in PSPACE. D 



9 Summary and Conclusion 

We summarize known results about the complexity of checking the following semantic pre- 
orders/equivalences: strong bisimulation ~, weak bisimulation ~, strong simulation ^ , weak 
simulation ^ , strong trace inclusion C and weak trace inclusion ^ . In Table 1 we consider prob- 
lems where systems of the same type are compared, while in Table 2 we consider the problems 
of checking preorders/equivalences between infinite-state systems and finite-state systems. 

The construction used to show PSPACE hardness of strong bisimulation in [21] uses OCN 
only, and moreover it can be modified to prove a PSPACE lower bound for checking strong 
simulation between OCA and finite systems (and vice-versa) and strong simulation for OCN; 
see Remark 3.8 in [21].

The proof of the undecidability of weak bisimulation between OCN [17] can be modified to
work even for the subclass of normed nets with unary alphabets.

A PSPACE upper bound for strong/weak simulation between OCA and FS (and vice-versa)
can be obtained by reduction to $\mu$-calculus model checking for OCA, which is in PSPACE [20].
A Proof of Theorem 5

Theorem 5. For two one-counter nets $M$ and $N$ with states $Q_M$ and $Q_N$ resp., one can
effectively construct a OCN $M'$ with states $Q_{M'} \supseteq Q_M$ and an $\omega$-net $N'$ with states $Q_{N'} \supseteq Q_N$
such that for each pair $p, q \in Q_M \times Q_N$ of original control states and any ordinal $\alpha$ the following
hold.

1. pm ^ qn w.r.t. M,N iff p?TT. ^ qn w.r.t. M',N'. 

2. li pni ^^ qn w.r.t. M,N then pm <^ qn w.r.t. M',N'. 

The reduction will be done in two steps. First (Lemma 35) we reduce weak simulation for
one-counter nets to strong simulation between a one-counter net and yet another auxiliary
model called guarded $\omega$-nets. These differ from $\omega$-nets in that each transition may change the
counter by more than one and is guarded by an integer, i.e. can only be applied if the current
counter value exceeds the guard attached to it. In the second step (Lemma 36) we normalize the
effects of all transitions to $\{-1, 0, 1, \omega\}$ and eliminate all integer guards and thereby construct
an ordinary $\omega$-net for Duplicator.

Before we start observe that without loss of generality we can assume that every state p 

allows a silent loop p —^p. 

Definition 31 A path in a one-counter net $N = (Q, Act, \delta)$ is a sequence $\pi = (s_0, a_0, d_0, t_0)
(s_1, a_1, d_1, t_1) \dots (s_k, a_k, d_k, t_k) \in \delta^*$ of transitions where $s_{i+1} = t_i$ for all $i < k$. We call $\pi$ cyclic
if $s_i = t_j$ for some $0 < i < j < k$ and write ${}^{i}\pi$ for its prefix of length $i$. A cyclic path is a loop
if $p_i \neq p_j$ for all $0 < i < j < k$. Define the effect $\Delta(\pi)$ and guard $\Gamma(\pi)$ of a path $\pi$ by

$$\Delta(\pi) = \sum_{i=0}^{k} d_i \quad \text{and} \quad \Gamma(\pi) = -\min\{\Delta({}^{i}\pi) \mid i < k\}$$

where $n < \omega$ and $n + \omega = \omega + n = \omega$ for every $n \in \mathbb{N}$. The guard $\Gamma(\pi)$ denotes the minimal
counter value that is needed to traverse the path $\pi$ while maintaining a non-negative counter
value along all intermediate configurations. Lastly, fix a homomorphism $obs : \delta^* \rightarrow (Act \setminus \{\tau\})^*$
that maps paths to their observable action sequences; $obs((s, \tau, d, t)) = \varepsilon$ and $obs((s, a, d, t)) = a$
for $a \neq \tau$.

Definition 32 (Guarded $\omega$-Nets) A guarded $\omega$-net $N = (Q, Act, \delta)$ is given by finite sets
$Q, Act$ of states and actions and a transition relation $\delta \subseteq Q \times Act \times \mathbb{N} \times (\mathbb{Z} \cup \{\omega\}) \times Q$. It defines a
transition system over the stateset $Q \times \mathbb{N}$ where $pm \xrightarrow{a} qn$ iff there is a transition $(p, a, g, d, q) \in \delta$
with

1. $m > g$ and

2. $n = m + d \in \mathbb{N}$ or $d = \omega$ and $n > m$.

Specifically, $N$ is an $\omega$-net if for all transitions $g = 0$ and $d \in \{-1, 0, 1, \omega\}$. The next
construction establishes the connection between weak similarity of one-counter nets and strong
similarity between OCN and guarded $\omega$-net processes.

Lemma 33 For a one-counter net $N = (Q, Act, \delta)$ we can effectively construct a guarded $\omega$-net
$G = (Q, Act, \delta')$ such that for all $a \in Act$,

1. whenever $pm \stackrel{a}{\Rightarrow}_N qn$, there is a $n' > n$ such that $pm \xrightarrow{a}_G qn'$

2. whenever $pm \xrightarrow{a}_G qn$, there is a $n' > n$ such that $pm \stackrel{a}{\Rightarrow}_N qn'$.

Proof. The idea of the proof is to introduce direct transitions from one state to another for
any path between them that reads at most one visible action and does not contain silent cycles.
For two states $s, t$ of $N$, let $D(s, t)$ be the set of direct paths from $s$ to $t$:

$$D(s, t) = \{(p_i, a_i, d_i, p_{i+1})_{i<k} : p_0 = s,\ p_k = t,\ \forall\, 0 \le i < j \le k.\ p_i = p_j \implies (i = 0 \land j = k)\}.$$

Define the subset of silent direct paths by $SD(s, t) = \{\pi \in D(s, t) \mid obs(\pi) = \varepsilon\}$. Every path in
$D(s, t)$ has acyclic prefixes only and is therefore bounded in length by $|Q|$. Hence $D(s, t)$ and
$SD(s, t)$ are finite and effectively computable for all pairs $s, t$.

Using this notation, we define the transitions in G as follows. Let 6' contain a transition 
(p, a,r(7r), A(7r), g) for each path vr = tti{s, a, d,s' )Tr2 G 5~^ where tti G SD{p,s) and tt2 G 
SD(s',q). This carries over all transitions of N because the empty path is in SD{s,s) for all 
states s. Moreover, introduce w-transitions in case N allows paths tti,tt2 as above to contain 
direct cycles with positive effect on the counter: If there is a path vr = 7r^7r^'7r"'(s, a, d, s')ti2 with 

1. tt[ G SD{p,t), vr'/ G SD{t,t) and vr'/' G SD{t,s) 

2. A«) > 

for some t £ Q, then 6' contains a transition {p,a,T{TT[TT'(),u},q). Similarly, if for some t £ Q, 
there is a path vr = 7ri(s, a, d, s')tt21T2TT2 that satisfies 

1. vri G SD{p,s)y2 e SD{s',t), ^ G SD{t,t) and tt'^' G SD{t,q) 

2. A{tt'^) > 

add a transition {p,a,g,oj,q) with guard g = T {'7ri{s, a, d,s' )Tr2n2)- If there is an a-labelled 
path from p to q that contains a silent and direct cycle with positive effect, G has an a-labelled 
cu-transition from p to q with the guard derived from that path. 

To prove the first part of the claim, assume $pm \stackrel{a}{\Longrightarrow}_N qn$. By definition of weak steps, there
must be a path $\pi = \pi_1 (s, a, d, s') \pi_2$ with $obs(\pi_1) = obs(\pi_2) = \varepsilon$. Suppose both $\pi_1$ and $\pi_2$ do
not contain loops with positive effect. Then there must be paths $\pi_1' \in SD(p, s)$, $\pi_2' \in SD(s', q)$
with $\Gamma(\pi_i') < \Gamma(\pi_i)$ and $\Delta(\pi_i') > \Delta(\pi_i)$ for $i \in \{1, 2\}$ that can be obtained from $\pi_1$ and $\pi_2$ by
removing all loops with effects less or equal 0. So $G$ contains a transition $(p, a, g', d', q)$ for some
$g' < m$ and $d' > n - m$ and hence $pm \xrightarrow{a}_G qn'$ for $n' = m + d' > n$. Alternatively, either $\pi_1$ or
$\pi_2$ contains a loop with positive effect. Note that for any such path, another path with lower
or equal guard exists that connects the same states and contains only one counter-increasing
loop: If $\pi_1$ contains a loop with positive effect, there is a path $\bar{\pi}_1 = \pi_1' \pi_1'' \pi_1'''$ from $p$ to $s$, where
$\pi_1'$, $\pi_1''$ and $\pi_1'''$ are direct and $\Delta(\pi_1'') > 0$ for the loop $\pi_1'' \in SD(t, t)$ for some state $t$. In this case,
$G$ contains an $\omega$-transition $(p, a, g, \omega, q)$ with $g = \Gamma(\pi_1' \pi_1'')$. Similarly, if $\pi_2$ contains the counter-
increasing loop, there is a $\bar{\pi}_2 = \pi_2' \pi_2'' \pi_2'''$, with $\pi_2' \in SD(s', t)$, $\pi_2'' \in SD(t, t)$, $\pi_2''' \in SD(t, q)$ and
$\Delta(\pi_2'') > 0$. This means there is a transition $(p, a, g, \omega, q)$ in $G$ with $g = \Gamma(\pi_1 (s, a, d, s') \pi_2' \pi_2'')$.
In both cases, $g < \Gamma(\pi) < m$ and therefore $pm \xrightarrow{a}_G qi$ for all $i > m$.

For the second part of the claim, assume $pm \xrightarrow{a}_G qn$. This must be the result of a transition
$(p, a, g, d, q) \in \delta'$ for some $g < m$. In case $d \neq \omega$, there is a path $\pi \in \delta^*$ from $p$ to $q$ with
$\Delta(\pi) = n - m$, $obs(\pi) = a$ and $\Gamma(\pi) = g$ that witnesses the weak step $pm \stackrel{a}{\Longrightarrow}_N qn$ in $N$.
Otherwise if $d = \omega$, there must be a path $\pi = \pi_{11} \pi_{12} \pi_{13} (s, a, d, s') \pi_{21} \pi_{22} \pi_{23}$ from $p$ to $q$ in $N$
where $\Gamma(\pi) < m$, all $\pi_{ij}$ are silent and direct and one of $\pi_{12}$ and $\pi_{22}$ is a cycle with strictly positive
effect. This implies that one can "pump" the value of the counter higher than any given value.
Specifically, there are naturals $k$ and $j$ such that the path $\pi' = \pi_{11} \pi_{12}^k \pi_{13} (s, a, d, s') \pi_{21} \pi_{22}^j \pi_{23}$
from $p$ to $q$ satisfies $\Gamma(\pi') < \Gamma(\pi) < m$ and $\Delta(\pi') > m - n$. Now $\pi'$ witnesses the weak step
$pm \stackrel{a}{\Longrightarrow}_N qn'$ in $N$ for an $n' > n$. □

Remark 34 Observe that no transition of the net $G$ as constructed above has a guard larger
than $|Q| * 3 + 1$ and finite effect $> 2|Q| + 1$.

Lemma 35 For a one-counter net $N = (Q, Act, \delta)$ one can effectively construct a guarded $\omega$-net
$G = (Q, Act, \delta')$ s.t. for any OCN $M$ and any two configurations $pm, qn$ of $M$ and $N$ resp.,

$pm \leqq qn$ w.r.t. $M, N \iff pm \preceq qn$ w.r.t. $M, G$. (18)

Proof Consider the construction from the proof of Lemma 33. Let $\leqq_{M,N}$ be the largest weak
simulation w.r.t. $M, N$ and $\preceq_{M,G}$ be the largest strong simulation w.r.t. $M, G$.

For the "if" direction we show that $\preceq_{M,G}$ is a weak simulation w.r.t. $M, N$. Assume $pm \preceq_{M,G} qn$
and $pm \to_M p'm'$. That means there is a step $qn \to_G q'n'$ for some $n' \in \mathbb{N}$ so that $p'm' \preceq_{M,G} q'n'$.
By Lemma 33 part 2, $qn \Longrightarrow_N q'n''$ for a $n'' > n'$. Because simulation is monotonic we
know that also $p'm' \preceq_{M,G} q'n''$. Similarly, for the "only if" direction, one can use the first claim
of Lemma 33 to check that $\leqq_{M,N}$ is a strong simulation w.r.t. $M, G$. □

Lemma 36 For a one-counter net $M$ and a guarded $\omega$-net $G$ one can effectively construct one-
counter nets $M', G'$ such that for any two configurations $pm, qn$ of $M$ and $G$ resp.,

$pm \preceq qn$ w.r.t. $M, G \iff pm \preceq qn$ w.r.t. $M', G'$. (19)

Proof We first observe that for any transition of the guarded $\omega$-net $G$, the value of its guard
is bounded by some constant. The same holds for all finite effects. Let $\Gamma(G)$ be the maximal
guard and $\Delta(G)$ be the maximal absolute finite effect of any transition of $G$.

The idea of this construction is to simulate one round of the game $M$ vs. $G$ in $k = 2\Gamma(G) +
\Delta(G) + 1$ rounds of a simulation game $M'$ vs. $G'$. We will replace original steps of both players by
sequences of $k$ steps in the new game, which is long enough to verify if the guard of Duplicator's
move is satisfied and adjust the counter using transitions with effects in $\{-1, 0, +1, \omega\}$ only.

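We transform the net $M = (Q_M, Act, \delta_M)$ to the net $M' = (Q_{M'}, Act', \delta_{M'})$ as follows:

$Act' = Act \cup \{b\}$ (20)

$Q_{M'} = Q_M \cup \{p_i \mid 1 \le i < k,\ p \in Q_M\}$ (21)

$\delta_{M'} = \{p \to q_{k-1} \mid p \to q \in \delta_M\}$ (22)

$\qquad \cup\ \{p_i \to p_{i-1} \mid 1 < i < k\}$ (23)

$\qquad \cup\ \{p_1 \to q\}$. (24)

We see that

$pm \xrightarrow{a}_M qn \iff pm \xrightarrow{a}_{M'} q_{k-1}n \xrightarrow{b^{k-2}}_{M'} q_1 n \xrightarrow{b}_{M'} qn$. (25)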
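The construction of $M'$ and the equivalence (25) can be checked mechanically on a small net. The Python code below is an added example, not part of the paper: it assumes transitions are tuples (p, a, d, q) that are enabled when the counter stays non-negative, and that the padding steps labelled b have effect 0, as the unchanged counter value n in (25) indicates. The function names and the two-state sample net are constructed for illustration.

```python
from itertools import product

def pad_net(states, delta, k, pad="b"):
    """Build M' from M: p -a,d-> q becomes p -a,d-> q_{k-1}, followed by
    pad steps of effect 0 along the chain q_{k-1}, ..., q_1, q."""
    assert k >= 2
    new_states = set(states) | {(p, i) for p in states for i in range(1, k)}
    new_delta = {(p, a, d, (q, k - 1)) for (p, a, d, q) in delta}
    new_delta |= {((p, i), pad, 0, (p, i - 1))
                  for p in states for i in range(2, k)}
    new_delta |= {((p, 1), pad, 0, p) for p in states}
    return new_states, new_delta

def steps(delta, conf):
    """Labelled successors of a configuration (state, counter).
    Assumption: a step is enabled iff the counter stays >= 0."""
    p, m = conf
    return {(a, (q, m + d)) for (s, a, d, q) in delta if s == p and m + d >= 0}

def run_word(delta, conf, word):
    """Configurations reachable from conf by reading exactly `word`."""
    current = {conf}
    for letter in word:
        current = {c2 for c in current
                   for (a, c2) in steps(delta, c) if a == letter}
    return current

def check_eq25(states, delta, k, max_counter=4):
    """One a-step in M must match a followed by b^(k-1) in M'."""
    _, delta2 = pad_net(states, delta, k)
    labels = {a for (_, a, _, _) in delta}
    for p, m, a in product(states, range(max_counter + 1), labels):
        one_round = run_word(delta, (p, m), [a])
        k_rounds = run_word(delta2, (p, m), [a] + ["b"] * (k - 1))
        if one_round != k_rounds:
            return False
    return True

# Constructed sample net over Act = {a, c}; "b" is the fresh padding label.
Q = {"p", "q"}
DELTA = {("p", "a", +1, "p"), ("p", "c", -1, "q"), ("q", "a", 0, "q")}
K = 4

if __name__ == "__main__":
    print(check_eq25(Q, DELTA, K))
```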



Now we transform the guarded $\omega$-net $G = (Q_G, Act, \delta_G)$ to the $\omega$-net $G' = (Q_{G'}, Act', \delta_{G'})$.
Every original transition will be replaced by a sequence of $k$ steps that test if the current counter
value exceeds the guard $g$ and adjust the counter accordingly. The new net $G'$ has states

$Q_{G'} = Q_G \cup \{t_i \mid 0 \le i < k,\ t \in \delta_G\}$. (26)
For each original transition $t = (p, a, g, d, q) \in \delta_G$, we add the following transitions to $\delta_{G'}$. First,
to test the guard:

$p \to t_{k-1}$, (27)

$t_i \to t_{i-1}$, for $k - g < i < k$ (28)

$t_i \to t_{i-1}$, for $k - 2g < i < k - g$. (29)

Now we add transitions to adjust the counter according to $d \in \mathbb{N} \cup \{\omega\}$. In case $0 < d < \omega$ we
add

$t_i \to t_{i-1}$, for $k - 2g - |d| < i < k - 2g$ (30)

$t_i \to t_{i-1}$, for $0 < i < k - 2g - d$. (31)

In case $d < 0$ we add

$t_i \to t_{i-1}$, for $k - 2g - |d| < i < k - 2g$ (32)

$t_i \to t_{i-1}$, for $0 < i < k - 2g + d$. (33)

In case $d = \omega$ we add

$t_i \to t_{i-1}$, for $i = k - 2g$ (34)

$t_i \to t_{i-1}$, for $0 < i < k - 2g$. (35)

Finally, we allow a move to the new state:

$t_0 \to q$. (36)



Observe that every transition in the constructed net $G'$ has effect in $\{-1, 0, +1, \omega\}$. $G'$ is
therefore an ordinary $\omega$-net. It is straightforward to see that

$pm \to_G qn \iff pm \to_{G'} qn$. (37)

The claim (19) now follows from Equations (25) and (37). This concludes the proof of Lemma
36 and point 1 of Theorem 5.

For point 2 of the claim observe that by construction of $M'$ and $N'$, one round of a weak
simulation game w.r.t. $M, N$ is simulated by $k$ rounds of a simulation game w.r.t. $M', N'$.
Therefore, if Spoiler has a strategy to win the simulation game w.r.t. $M', N'$ in $\alpha$ rounds
then he can derive a strategy to win the game w.r.t. $M, N$ in not more than $\alpha$ rounds. So if
$pm \not\preceq_\alpha qn$ w.r.t. $M', N'$ then $pm \not\leqq_\alpha qn$ w.r.t. $M, N$. □